Best SIEM Logging With Graylog - Routing SIEM Logs with Graylog!

Join me as we continue on to Phase 5 of the World's Best SIEM Stack Series, parsing and routing our received Wazuh alerts with Graylog!

Comments

Thanks for the video, I enjoyed watching all the parts! I don't fully understand why we collect logs using Graylog and Wazuh agents together. Why not use only one thing? Please explain this point in more detail.

vadimkutia

I've hunted and hunted for an ELI5 video on Graylog and this is it. Thank you for such a fantastic and detailed series.

iGarrettt

Great and clean (for taking a shower before recording the video) explanation! 😂

eldecloud

btw, to route events into a stream, you don't need a custom field at Input level.

Go to Streams, create a new stream rule: gl2_source_input = GUID of the Input.

You can find the GUID in the Inputs section of the config.

perfecto

Hello 👋, I’m new here and you just got a new subscriber. I do have a question: do you know any PHP script to block a browser from visiting your site? For example, I want to block Firefox users from visiting my site, and display "this browser is not supported". Please, I do need help 🙏

williamice

Hi Taylor, is it possible to add 2-factor authentication for the Wazuh login?

Damielsestrem

Taylor - is it possible to implement multi-tenancy where a tenant is a customer?

hspcd

At the end, you probably mean no more than 1000 unique keys per index.

Other reasons to create different indexes for different uses and sources are security and response time.

For instance the help desk may need to be able to see the time stamp of the most recent login and failure to login, as well as the source and attempts in the last 24 hours without being able to see who sent emails to HR.

mikegrok

Wow, a very amazing video, it adds to my knowledge about Wazuh. I want to ask, sir: I have a WHM root server running a Debian OS which is very outdated and does not support the Wazuh agent. We couldn't update it because of the many third-party apps that might not run after the update. (I know this is very fatal, but I don't dare to take the risk of updating the OS.) So my question is: do you have a solution for monitoring the server without installing the agent on the Debian server? Is a reverse proxy with a server that supports the Wazuh agent possible? (On the reverse proxy I would install a firewall to secure the website and the Wazuh agent for active monitoring and response.) Please advise, sir. Best regards

Huelilik

Hey Taylor, I've been following along with this (excellent) series and have hit a hurdle at this stage. When applying the JSON extractor to both Windows and Linux agent logs I get a processing error in Graylog:

gl2_processing_error
Replaced invalid timestamp value in message with current time - Value caused exception: Invalid format: is malformed at "T04:07:00.230+0000

A couple of questions:
[1] Is this the right place to post issues? If not, can you point me there?
[2] Have you come across this issue previously?

graylog-server 5.1.1-1
wazuh-indexer 4.4.5-1
ubuntu 22.04.2 LTS

enarcee
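The error quoted in the comment above comes from a Wazuh alert `timestamp` written in ISO 8601 form (`...T04:07:00.230+0000`). As an added example, not from the video or any commenter, the following normalizes that field before Graylog sees it; it assumes (not stated on the page) that Graylog's `timestamp` field must be `yyyy-MM-dd HH:mm:ss.SSS` in UTC, and the sample alert is constructed.

```python
import json
from datetime import datetime, timezone

# Wazuh alert timestamp shape from the comment above, e.g. 2023-06-12T04:07:00.230+0000
WAZUH_TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"


def wazuh_to_graylog_timestamp(value: str) -> str:
    """Convert a Wazuh ISO 8601 timestamp to the form Graylog accepts.

    Assumption: Graylog wants "yyyy-MM-dd HH:mm:ss.SSS" in UTC. The "T"
    separator and the numeric offset are what make the original value
    unparseable for it. Raises ValueError on anything else.
    """
    dt = datetime.strptime(value, WAZUH_TS_FORMAT).astimezone(timezone.utc)
    # strftime has no millisecond directive, so cut microseconds to three digits.
    return dt.strftime("%Y-%m-%d %H:%M:%S.") + f"{dt.microsecond // 1000:03d}"


def normalize_alert(raw_json: str) -> dict:
    """Rewrite the alert's timestamp field so the JSON extractor will keep it.

    The original value is preserved under a separate key for auditing. If the
    value cannot be parsed, the field is dropped so Graylog falls back to the
    receive time explicitly, and a flag records that this happened.
    """
    alert = json.loads(raw_json)
    original = alert.get("timestamp")
    if original is None:
        return alert
    alert["wazuh_timestamp"] = original
    try:
        alert["timestamp"] = wazuh_to_graylog_timestamp(original)
    except ValueError:
        del alert["timestamp"]
        alert["timestamp_parse_failed"] = True
    return alert


# Constructed sample alert; the date and rule fields are made up for this example.
SAMPLE_ALERT = json.dumps({
    "timestamp": "2023-06-12T04:07:00.230+0000",
    "rule": {"level": 5, "description": "sshd: authentication failed."},
    "agent": {"name": "linux-agent-01"},
})

if __name__ == "__main__":
    print(json.dumps(normalize_alert(SAMPLE_ALERT), indent=2))
```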

I followed the instructions, but I'm getting the below when I go to create a parser on the input in Graylog:

Elasticsearch exception [type=illegal_argument_exception, reason=key [types] is not supported in the metadata section].

Cluster Version: "number" : "7.10.2",
ii graylog-4.3-repository 1-6 all Package to install Graylog 4.3 GPG key and repository
ii graylog-integrations-plugins 4.3.15-1 all Graylog Integrations plugins
ii graylog-server 4.3.15-1 all Graylog server
ii mongodb-database-tools 100.7.0 amd64 mongodb-database-tools package provides tools for working with the MongoDB server:
ii mongodb-org 4.4.21 amd64 MongoDB open source document-oriented database system (metapackage)
ii 4.4.21 amd64 Extra MongoDB database tools
ii mongodb-org-mongos 4.4.21 amd64 MongoDB sharded cluster query router
ii mongodb-org-server 4.4.21 amd64 MongoDB database server
ii mongodb-org-shell 4.4.21 amd64 MongoDB shell client
ii mongodb-org-tools 4.4.21 amd64 MongoDB tools

robert

@taylorwalton_socfortress In this video, you created the "wazuh-alerts-socfortress_" index. How do you get this index to replace the default "wazuh-alerts-" index in wazuh dashboard so you can visualize the data?

ohioguy